| 259801 | - | wordpress | wordpress | The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it eas… | CWE-20 Improper Input Validation | CVE-2013-5738 | 2013-09-27 12:47 | 2013-09-12 |
| 259802 | - | wordpress | wordpress | The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) at… | CWE-79 Cross-site Scripting | CVE-2013-5739 | 2013-09-27 12:47 | 2013-09-12 |
| 259803 | - | apple | safari | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. | CWE-79 Cross-site Scripting | CVE-2013-1012 | 2013-09-27 12:43 | 2013-06-5 |
| 259804 | - | apple | iphone_os mac_os_x | Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF docu… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2013-1025 | 2013-09-27 12:43 | 2013-09-16 |
| 259805 | - | apple | mac_os_x iphone_os | Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF docume… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2013-1026 | 2013-09-27 12:43 | 2013-09-16 |
| 259806 | - | apple | iphone_os mac_os_x | The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof securi… | CWE-20 Improper Input Validation | CVE-2013-1028 | 2013-09-27 12:43 | 2013-09-16 |
| 259807 | - | open-xchange | open-xchange_appsuite open-xchange_server | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0… | CWE-79 Cross-site Scripting | CVE-2013-3106 | 2013-09-27 02:35 | 2013-09-5 |
| 259808 | - | open-xchange | open-xchange_appsuite open-xchange_server | CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to … | CWE-94 Code Injection | CVE-2013-2582 | 2013-09-27 01:47 | 2013-09-5 |
| 259809 | - | sharethis | sharethis | Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this… | CWE-352 Origin Validation Error | CVE-2013-3479 | 2013-09-27 01:47 | 2013-09-5 |
| 259810 | - | open-xchange | open-xchange_appsuite open-xchange_server | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow r… | CWE-79 Cross-site Scripting | CVE-2013-2583 | 2013-09-27 01:44 | 2013-09-5 |